Corporate concerns about cyber wane even as risks evolve

Zurich Insurance has released the seventh annual Advisen cyber survey revealing the current state of and trends in information security and cyber liability risk management. A number of the findings indicate that corporate concerns about cyber may be waning even as the nature of cyber attacks has evolved to include ransomware and malware.

For the first time in the seven years of the survey, there has been a decline in how seriously C-Suites view cyber risk.

Sixty percent of the risk professionals surveyed said executive management view cyber risk as a significant threat to their organization. This is down significantly from 85 percent in 2016.

Only 53 percent of respondents knew of any changes to their companies’ cyber security systems in response to the high profile attacks that took place in early 2017.

Growth in the purchase of cyber insurance has gone stagnant after a steady six-year increase from 35 to 65 percent.

“These findings may indicate that businesses are not up to speed on the magnitude of impact that business interruption losses are beginning to have on businesses,” said Erica Davis, head of Specialty E&O for Zurich North America. “Annually, the survey results are critical for understanding how businesses are thinking about cyber risk and what we need to do to help them protect themselves as we watch this issue continue to evolve.”

2017 has seen several high profile cyber events -- data security losses impacting millions of consumers’ personal information; and malware and ransomware attacks that swept through businesses shutting down network systems and in many cases slowing or actually halting business operations. Last year the average cost of a cyber-related business interruption loss reached $3.7 million in the healthcare industry alone according to 2017 Ponemon Institute Cost of a Data Breach Study.

According to the survey results, risk professionals view cyber-related business continuity risk less seriously than data integrity risk even as business interruption costs rise and high profile business interruption attacks took center stage. The survey also found that just 10 percent of respondents identified business interruption as the primary reason for purchasing cyber insurance.

Supply chain security controls
Those organizations with robust cyber security controls are paying attention to the cyber controls of the vendors and business partner who have access to their systems. More than 50 percent of respondents said, they have inserted security requirements into every RFP and contract; require vendors and business partners to comply with critical standards; and/or insist upon cyber insurance requirements.

“Businesses must adopt a mindset of resilience that extends beyond the four walls of their organization,” added Davis. “As cyber security breaches persist, it is more critical than ever to engage in an ongoing, comprehensive review of all business partner relationships including how those vendors and business partners approach their own exposures and controls and how the vendors’ supplier approach fits into their overall resilience plan.”

Zurich is presenting the key findings, analysis and conclusions today during a presentation at the Advisen Cyber Risk Insights Conference in New York City. It represents a sustained commitment by Zurich and Advisen to stay current with these evolving risks and the impact they have on businesses across the United States.

The results reflect 315 respondents representing U.S.-based risk managers, insurance buyers and other risk professionals covering both large and small companies. The survey is represented by business of all sizes but slightly weighted towards smaller companies with 56 percent of respondent companies having revenues (or budgets for nonprofit or government entities) of $1B or less. In terms of employee count, 17 percent have fewer than 250, 7 percent have 250 to 500, 12 percent have 500 to 1000, 24 percent have 1000 to 5000, 17 percent have 5,000 to 15,000, and 24 percent have more than 15,000 employees. Finance, Banking, and Insurance has the highest industry representation at 19 percent of the total. Other highly represented industries include services (hospitality, legal, educational, social etc.) at 17 percent; and manufacturing and healthcare both at 11 percent.

About Zurich
Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With about 54,000 employees, it provides a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, as well as multinational corporations. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.

In North America, Zurich is a leading commercial property-casualty insurance provider serving the global corporate, large corporate, middle market, specialties and programs sectors through the individual member companies of Zurich in North America, including Zurich American Insurance Company. Life insurance and disability coverage issued in the United States in all states except New York is issued by Zurich American Life Insurance Company, an Illinois domestic life insurance company. In New York, life insurance and disability coverage is issued by Zurich American Life Insurance Company of New York, a New York domestic life insurance company. For more information about the products and services it offers and people Zurich employs around the world go to www.zurichna.com. 2012 marked Zurich's 100 year anniversary of insuring America and the success of its customers, shareholders and employees.